Shoaib Yousuf

Tuesday, February 2, 2016

Data. However, the value placed on different types of data is shifting

While cybercriminals were once clamoring for your payment data, today they are much more interested in other types of information. And of course, it's all about the money.

Stolen credit-card accounts available on the "deep Web" are selling for 22 cents per record. Netflix account information, on the other hand, averages 76 cents per account. But the real deal is Facebook. A cybercriminal with stolen Facebook account information averages $3.02 for each one he sells. Uber accounts are even more valuable, bringing in $3.78 per account!

Change your passwords often, use strong ones and never use the same password more than once. If that's not realistic for you, use different passwords for your social and financial accounts.

Monday, June 22, 2015

Lots of people have "no idea" that their location is being tracked!

A Carnegie Mellon University computer scientist recently studied how much the average mobile app user really knows about the rampant sharing of personal data. The study also looked at the impact this knowledge would have on behavior - in other words, how many people would choose to change app settings on their smartphones after learning how much data that app is collecting?

Twenty-four Android users were shown which apps were accessing their data and how often. One user, for instance, found his location data had been shared 5,398 times by 10 apps within 14 days. Just one of these apps, Groupon, checked in on the user's whereabouts 1,600 times over that 2-week window.

Fifty-eight percent of the study participants took action, specifically changing their app settings, upon learning of this rampant sharing of personal details. The other 40 percent, likely representative of the rest of the world, did nothing. That's probably because apps don't often allow users to pick and choose the data they are willing to share.

As John Zorabedian wrote on Sophos' Naked Security, "...without the ability to change app permissions on a granular level, users are left with little choice - you can either use the app or not."

The next time you are tempted to download an app, pay careful attention to the permissions screen. Are you willing... really... to share the information they want with potentially hundreds or thousands of others, to use as they want? Is the reward that app promises worth the risk?

Monday, April 27, 2015

Many of us actually turn a blind eye to the fact our private information is being, as this Australian reporter puts it, furiously scooped up by corporations, governments and others.

Why? Because we see it as a harmless tradeoff for whatever convenience or bit of entertainment we get in return.

However, as this video details, more consumers are becoming aware of exactly what that tradeoff entails. And they're coming to it through social experiments like the one conducted in Australia.

A reporter arranged for baristas to behave like an online app. After taking the java order, the baristas asked their customers to give them details like their home addresses or their last four text messages. The coffee buyers were super uncomfortable.

As we see in the video, the sharing of private information is no longer viewed as a harmless tradeoff when put in the faces of consumers. It's viewed with skepticism and dismay, just as, some may argue, it always should be. The other day, a friend told me the fast-food restaurant chain app she downloaded asked for access to her camera and all the photos and videos stored on it!

The takeaway? Pay closer attention to the information your new apps are asking to access. If something throws up a red flag, investigate. Or simply don't install the app.

Wednesday, January 14, 2015

In advance of the annual international Privacy Data Day, please share these three action tips to protect the privacy of consumers and businesses:

Nothing is truly free, including mobile apps. Be aware of the personal information you give mobile app providers. Many free apps sell your information to a wide range of companies, some of which may have malicious intents. Studies have shown most apps do not have many, or even any, security controls built in. Check privacygrade.org to see if the app you want respects your privacy and has security built in.

Be cautious with new "smart" devices. A wide range of new and unique gadgets -- from socks to smart cars -- connects you directly to other entities (and even to the Internet) to automatically share information about your activities, location and personal characteristics. Before using such devices, make sure you know which data they are collecting, how it will be used and with whom it will be shared.

Only share personal information with trusted sources. Be extra careful not to share sensitive personal information, such as social security numbers, credit card numbers and driver's license numbers. Don't do business with an entity that does not have a posted privacy notice.

Be mindful of any app that does not include a privacy policy, and train yourself not to just hit "Accept" on those data-gathering permission requests that pop up after you download a new one. You should absolutely understand what you are being asked to give up to take advantage of the app. Is it worth it?

Saturday, August 16, 2014

Facebook using the browsing data of its members to target the ads of its advertising partners

The Facebook used by billions is sharing its users' online behavior in ways it previously said we could opt out of.

As Venture Beat reports, anytime a Facebook user visits a site with a "Like" button (any site, not just a Facebook page), that visit is stored by Facebook and used to better target the ads of its advertising partners. No need for the user to actually click the Like button. The page visit is enough to trigger the storage of user data.

I actually tested this by visiting several types of websites I've never visited before. Lo and behold, I started seeing ads for associated items on my Facebook page.

There are a few tools that allow you to block sites like Facebook from inserting tracking code into your browser. Learn about them here.

Tuesday, August 12, 2014

A Handy Way to Foil ATM Skimmer Scams - Thieves continue to place hidden cameras at ATMs to surreptitiously record customers entering their PINs. This previously reported way to avoid becoming a victim still works against the hidden cameras.

Friday, August 8, 2014

Avoid using Personal Cloud Storage for confidential/sensitive data

Dropbox and other file-storage and sharing applications like it are incredibly helpful to business travelers. Not having to lug along a laptop or risk misplacing a thumb drive certainly adds to the enjoyment of time away from the office.

However, these applications do come with some risks. This is especially true when users generate links to share information with others. Several basic flaws within Box and Dropbox specifically allow the shared documents to be viewed by third parties.

It comes down to this: Many people do not take basic security steps, even when communicating highly sensitive information. Worse, they may even mix their personal communications and information with confidential workplace data.

For its part, Dropbox disabled all access to public links and created a patch to keep shared links from becoming public. However, this is the third security breach for Dropbox in as many years, so users need to exercise diligence on the site and others like it.

When considering a file-sharing service site, follow these rules of thumb:

Use a strong password.

Encrypt files in storage ("files at rest").

Encrypt files sent to and obtained from the site ("files in motion").

Look for a third-party security and privacy audit or some other validation that the site truly is secure.

Do an online search to see if the service has been breached in the past year or two.

Make sure that you can completely remove all files from the site when you stop using it.

Friday, July 25, 2014

Havex Summary Report - Threats & Mitigation

A previous spot report released by Cimation's ICS Threat Intelligence team provided a threat overview of Havex, the malware family being used for targeted attacks against specific industry sectors. What many reports fail to mention is that this malware code has been altered to specifically target ICS/SCADA systems.

In this newly-released summary report, Cimation's ICS Threat Intelligence and Vulnerability Research Teams expose the operational-level impact and technical indicators of compromise from this attack.

Download the Report to access:

A detailed Havex threat summary and overview.

How Havex infects and affects your systems.

Technical analysis and breakdown of the Havex threat.

Tactical mitigation strategies for prevention, detection and removal of this threat.

Sunday, June 22, 2014

Have you ever wondered what becomes of your online accounts after you die? The Washington Post recently looked into the question, and reports that "The immortality of one's digital accounts is one of the more morbid philosophical wrinkles of modern life."

Here are a few of the take-aways from the article:
Family who want to access these accounts often can't.
Digital asset laws vary greatly by state and country.

The spookiest take-away: Artificial intelligence-like technology may someday Tweet in a user's voice after he or she dies.

Monday, May 26, 2014

Results of Bank Director’s 2014 Risk Practices Survey

The Bank Director’s 2014 Risk Practices Survey reveals some very interesting information about the risk management programs that bank boards have in place.

It’s classically challenging for many banks to assess how risk management practices affect the institution. However, banks that have worked at measuring the impact of a risk management program report favorable outcomes on financial performance.

Survey Findings

97 percent of the respondents reported the bank has a chief risk officer in place or equivalent.

63 percent said that a separate risk committee on the board oversaw risks.

Senior execs want the board to have more training in overseeing the risk appetite and related issues.

55 percent believe that the pace and volume of regulatory change are the biggest factors in leading to risk evaluation failures.

Maintenance of data infrastructure and technology to support risk decision making is a leading risk management challenge, say over 50 percent of responding bank officers, and 40 percent of survey participants overall.

Monday, May 12, 2014

Beware of new scams and privacy pitfalls

New ways to fool people out of their money, information and identities pop up nearly every day. Here's a quick roundup of some of the latest tricks and traps:

New Scam Targets Homeless: Fraudsters pay homeless people to take out cell phone contracts in their names. The fraudsters keep the phones, rack up the bills and then sell the phones, ruining the homeless person's credit.

Getty Images Allows Free Embedding, but at What Cost to Privacy? People can embed images in their sites for free, so long as they use the provided embed code and iframe. Because of the scope of Getty's reach, this may allow the company to correlate more information about a user's browsing history than any single site could. Just another reminder that nothing's truly free in this world!

Human Error Tops Ponemon Patient Data Security Study Threats: 75 percent of healthcare organizations view employee negligence as the greatest data breach threat. This result underscores the importance of good security and privacy controls (and excellent employee training!) in healthcare environments. This extends to medical device manufacturers, who often work off very old technology software and continue to insist that controls are too cost-prohibitive.

The Data Brokers - Selling Your Personal Information: 60 Minutes' Steve Kroft recently reported on his investigation of the multibillion-dollar industry that collects, analyzes and sells the personal information of millions of Americans with virtually no oversight.
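
As an added example (not code from this blog), the sketch below lists the third-party hosts a page contacts as soon as it loads, which is the mechanism behind both the embedded-image item above and the "Like"-button tracking described in the August 16, 2014 post; it goes beyond those two cases to any auto-loaded script, iframe or image. The sample page and all example.* hosts are constructed, and treating subdomains of the page's host as first party is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src is fetched automatically on page load (no click needed).
AUTO_LOAD_TAGS = {"script", "iframe", "img", "embed"}

# Constructed sample page; every example.* host below is made up.
SAMPLE_URL = "https://shop.example.com/item/42"
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<img src="https://cdn.shop.example.com/logo.png">
<script src="//social.example.net/sdk.js"></script>
<iframe src="https://social.example.net/like?href=https%3A%2F%2Fshop.example.com%2Fitem%2F42"></iframe>
<iframe src="https://photos.example.org/embed/12345"></iframe>
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
"""


class EmbedCollector(HTMLParser):
    """Collect (tag, absolute URL) for each auto-loaded resource."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in AUTO_LOAD_TAGS and src:
            # Resolve relative and protocol-relative (//host/path) URLs.
            self.found.append((tag, urljoin(self.page_url, src)))


def third_party_embeds(page_url, html):
    """Map each third-party host to the tags that contact it (absolute page_url)."""
    first_party = urlsplit(page_url).hostname
    collector = EmbedCollector(page_url)
    collector.feed(html)
    hosts = {}
    for tag, url in collector.found:
        host = urlsplit(url).hostname  # None for data: URIs
        # Assumption: subdomains of the page's host count as first party.
        if host and host != first_party and not host.endswith("." + first_party):
            hosts.setdefault(host, []).append(tag)
    return hosts


if __name__ == "__main__":
    print(third_party_embeds(SAMPLE_URL, SAMPLE_HTML))
```

Each host in the result receives a request, along with any cookies the browser already holds for it, every time the page is viewed.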

Astoundingly, two years ago at least 13 million U.S. Facebook users didn't use or weren't aware of the social network's privacy control settings. Based on various news reports covering Facebook privacy, it is anticipated that this number has not gotten smaller, but more likely has increased (perhaps by a significant amount now that there are more than a billion active mobile Facebook users).

How many of these millions are within your employee, patient or customer communities? How does this impact you personally, or put your own information at risk? Remember, your privacy can be impacted simply by being associated with "friends" who don't activate their privacy control settings.

Understanding how your stakeholders use Facebook and other social networks is a critical component to protecting yourself, your organization and the people it serves.

Monday, April 21, 2014

Adobe Flash Malware driven by infected "Router" The Moon Malware

A few days ago, I started to receive a pop-up message, "WARNING! Your Flash Player may be out of date. Please update to Continue.", when I was trying to access websites like Facebook, YouTube, Google, etc.

If you're receiving a similar message, then continue to read, but make sure you don't click on anything or try to update the Flash Player from the pop-up window. You may check your current version of Adobe Flash Player by visiting the official Adobe website. If you're using the Google Chrome browser, it already includes Adobe Flash Player built in. Google Chrome will automatically update when new versions of Flash Player are available.

You will also notice that the same message is popping up on all the devices which are connected to the same router (mobile phones, laptops, etc.).

Now even the dumbest person should know it is not coming from the computer but from the network, which means your router is infected. It's commonly happening with Linksys, Asus and a few other manufacturers.

How to fix this?

Reset your router (by holding down the reset button under the router for 6 seconds).
Note: after the restart, all your ISP settings will be lost.

Configure your router again with the ISP settings (username and password also required).

Clear your browser's cache and the pop-up message will not appear again.

Refer here for some basic tips on hardening your router to avoid such things happening again.